Samuel Thibault on GNU Hurd
Samuel Thibault, Free Software, system admin
The Unix model usually strongly separates the "privileged" user from the non-privileged users. The former usually has all possible privileges, while the latter have very restricted privileges, limited to their own home directory, and at best sometimes permission to mount removable media. One of the answers from userland has for instance been GVFS, which permits GNOME applications to transparently access not only what the system proposes, i.e. actually what the privileged user proposes, but also userland-provided content, such as files from FTP, SMB, etc. Another interesting example is using SOCKS to access an intranet website. Some browsers natively support using a SOCKS proxy, and for those which don't, libsocks4 can be used to transparently make them do so.
Run time: 43 minutes 15 seconds
Producer: Samuel Thibault
Audio/Visual: sound, color
These approaches (embedding) are however limited and impede composition, since they mostly have to be made explicit in the source code. What if a removable medium is formatted with a special filesystem? What if the intranet website cannot be accessed through ssh, but only through a VPN? Why not be allowed to run a PPP tunnel over a serial port when one has already been granted access to the serial port? These are usually not an issue on the desktop, where the unprivileged user is actually also the privileged user, and people have become used to tinkering with something through sudo, FUSE, TAP, etc., but it is still tedious and a potential source of security holes. On a freshly-installed system, can't one e.g. just run tar xf /ftp://ftp.gnu.org/pub/gnu/gcc/gcc-4.6.0/gcc-4.6.0.tar.bz2 to download and unpack a tarball in one go? Actually, on a GNU/Hurd system, one can.
Funnily enough, even if GNU is Not Unix, GNU/Hurd uses a very unixish approach to bring extensibility: files. By introducing the concept of translator, which is actually its real core, GNU/Hurd lets a user easily achieve a wide range of tasks which require particular privileges on usual Unix systems. Examples include accessing the content of an ISO image from a shell, chrooting, routing application network traffic through a VPN, IP translation…
This talk will present the notion of translator, and through some examples of translators which already work, show the range of power that it brings to "non-privileged" users (i.e. actually the #0 freedom) without breaking security, and how it compares with the Linux GVFS/FUSE/CUSE/etc. equivalents.